EP3738059A4 - SYSTEMS AND METHODS FOR DETECTING AND MITIGATING CODE INJECTION ATTACKS - Google Patents

SYSTEMS AND METHODS FOR DETECTING AND MITIGATING CODE INJECTION ATTACKS Download PDF

Info

Publication number: EP3738059A4
Authority: EP; European Patent Office
Prior art keywords: detecting; systems; methods; injection attacks; code injection
Prior art date: 2018-01-08
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Withdrawn

Application number

EP19735911.0A

Other languages

German (de)

French (fr)

Other versions

EP3738059A1 (en

Inventor

Henry R. TUBLIN

Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)

Digital Immunity Inc

Original Assignee

Digital Immunity Inc

Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)

2018-01-08

Filing date

2019-01-08

Publication date

2021-10-20

2019-01-08 Application filed by Digital Immunity Inc filed Critical Digital Immunity Inc

2020-11-18 Publication of EP3738059A1 publication Critical patent/EP3738059A1/en

2021-10-20 Publication of EP3738059A4 publication Critical patent/EP3738059A4/en

Status Withdrawn legal-status Critical Current

Classifications

- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/29—Graphical models, e.g. Bayesian networks
- G06F18/295—Markov models or related models, e.g. semi-Markov models; Markov random fields; Networks embedding Markov models
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software

Landscapes

Engineering & Computer Science (AREA)
Computer Security & Cryptography (AREA)
Theoretical Computer Science (AREA)
Software Systems (AREA)
General Engineering & Computer Science (AREA)
Computer Hardware Design (AREA)
Physics & Mathematics (AREA)
General Physics & Mathematics (AREA)
Virology (AREA)
General Health & Medical Sciences (AREA)
Health & Medical Sciences (AREA)
Data Mining & Analysis (AREA)
Life Sciences & Earth Sciences (AREA)
Artificial Intelligence (AREA)
Bioinformatics & Cheminformatics (AREA)
Bioinformatics & Computational Biology (AREA)
Computer Vision & Pattern Recognition (AREA)
Evolutionary Biology (AREA)
Evolutionary Computation (AREA)
Data Exchanges In Wide-Area Networks (AREA)
Debugging And Monitoring (AREA)

EP19735911.0A 2018-01-08 2019-01-08 SYSTEMS AND METHODS FOR DETECTING AND MITIGATING CODE INJECTION ATTACKS Withdrawn EP3738059A4 (en)

Applications Claiming Priority (2)

Application Number	Priority Date	Filing Date	Title
US201862614616P	2018-01-08	2018-01-08
PCT/US2019/012662 WO2019136428A1 (en)	2018-01-08	2019-01-08	Systems and methods for detecting and mitigating code injection attacks

Publications (2)

Publication Number	Publication Date
EP3738059A1 EP3738059A1 (en)	2020-11-18
EP3738059A4 true EP3738059A4 (en)	2021-10-20

Family

ID=67140704

Family Applications (1)

Application Number	Title	Priority Date	Filing Date
EP19735911.0A Withdrawn EP3738059A4 (en)	2018-01-08	2019-01-08	SYSTEMS AND METHODS FOR DETECTING AND MITIGATING CODE INJECTION ATTACKS

Country Status (5)

Country	Link
US (1)	US11263307B2 (en)
EP (1)	EP3738059A4 (en)
CA (1)	CA3088604A1 (en)
IL (1)	IL275759A (en)
WO (1)	WO2019136428A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number	Priority date	Publication date	Assignee	Title
GB2588822B (en) *	2019-11-11	2021-12-29	F Secure Corp	Method of threat detection
US12056239B2 (en) *	2020-08-18	2024-08-06	Micro Focus Llc	Thread-based malware detection

Citations (1)

* Cited by examiner, † Cited by third party
Publication number	Priority date	Publication date	Assignee	Title
US20120023583A1 (en) *	2010-07-20	2012-01-26	Mcafee, Inc.	System and method for proactive detection of malware device drivers via kernel forensic behavioral monitoring and a back-end reputation system

Family Cites Families (36)

* Cited by examiner, † Cited by third party
Publication number	Priority date	Publication date	Assignee	Title
US7382782B1 (en) *	2002-04-12	2008-06-03	Juniper Networks, Inc.	Packet spraying for load balancing across multiple packet processors
US7360249B1 (en) *	2004-01-13	2008-04-15	Symantec Corporation	Refining behavioral detections for early blocking of malicious code
FR2886027A1 (en) *	2005-05-20	2006-11-24	Proton World Internatinal Nv	SEQUENCING ERROR DETECTION IN THE EXECUTION OF A PROGRAM
US7610493B2 (en) *	2005-08-31	2009-10-27	Intel Corporation	System and methods for adapting to attacks on cryptographic processes on multiprocessor systems with shared cache
US8136154B2 (en) *	2007-05-15	2012-03-13	The Penn State Foundation	Hidden markov model (“HMM”)-based user authentication using keystroke dynamics
US8613096B2 (en) *	2007-11-30	2013-12-17	Microsoft Corporation	Automatic data patch generation for unknown vulnerabilities
US10318730B2 (en) *	2007-12-20	2019-06-11	Bank Of America Corporation	Detection and prevention of malicious code execution using risk scoring
US8272059B2 (en) *	2008-05-28	2012-09-18	International Business Machines Corporation	System and method for identification and blocking of malicious code for web browser script engines
US8540820B2 (en) *	2009-10-21	2013-09-24	Whirlpool Corporation	Rinse aid release detection method
US8176559B2 (en) *	2009-12-16	2012-05-08	Mcafee, Inc.	Obfuscated malware detection
US20110219449A1 (en) *	2010-03-04	2011-09-08	St Neitzel Michael	Malware detection method, system and computer program product
US9202049B1 (en)	2010-06-21	2015-12-01	Pulse Secure, Llc	Detecting malware on mobile devices
CN103370716B (en) *	2010-11-03	2016-10-19	维吉尼亚技术知识产权公司	Method and system for monitoring integrity of computer-based systems using electrical fingerprinting
US9003501B2 (en) *	2010-12-07	2015-04-07	Mcafee, Inc.	Method and system for protecting against unknown malicious activities by detecting a heap spray attack on an electronic device
EP2756366B1 (en) *	2011-09-15	2020-01-15	The Trustees of Columbia University in the City of New York	Systems, methods, and media for detecting return-oriented programming payloads
US8640243B2 (en) *	2012-03-22	2014-01-28	International Business Machines Corporation	Detecting malicious computer code in an executing program module
US9904792B1 (en) *	2012-09-27	2018-02-27	Palo Alto Networks, Inc	Inhibition of heap-spray attacks
US9497029B2 (en) *	2012-09-28	2016-11-15	Intel Corporation	Hardening of direct anonymous attestation from side-channel attack
WO2014144857A2 (en) *	2013-03-15	2014-09-18	Power Fingerprinting Inc.	Systems, methods, and apparatus to enhance the integrity assessment when using power fingerprinting systems for computer-based systems
KR101794116B1 (en) *	2013-03-18	2017-11-06	더 트러스티스 오브 컬럼비아 유니버시티 인 더 시티 오브 뉴욕	Unsupervised detection of anomalous processes using hardware features
US9202054B1 (en) *	2013-06-12	2015-12-01	Palo Alto Networks, Inc.	Detecting a heap spray attack
US9171154B2 (en) *	2014-02-12	2015-10-27	Symantec Corporation	Systems and methods for scanning packed programs in response to detecting suspicious behaviors
US9438623B1 (en) *	2014-06-06	2016-09-06	Fireeye, Inc.	Computer exploit detection using heap spray pattern matching
US9973531B1 (en) *	2014-06-06	2018-05-15	Fireeye, Inc.	Shellcode detection
US9881153B2 (en) *	2014-06-20	2018-01-30	Leviathan, Inc.	System and method for detection of heap spray attack
US9465938B2 (en) *	2014-09-22	2016-10-11	Qualcomm Incorporated	Integrated circuit and method for detection of malicious code in a first level instruction cache
US10049210B2 (en) *	2015-05-05	2018-08-14	Leviathan Security Group, Inc.	System and method for detection of omnientrant code segments to identify potential malicious code
US9804800B2 (en) *	2015-06-29	2017-10-31	Palo Alto Networks, Inc.	Detecting heap-spray in memory images
US9992217B2 (en) *	2015-12-31	2018-06-05	The University Of North Carolina At Chapel Hill	Methods, systems, and computer readable media for detecting malicious network traffic
US9514301B1 (en) *	2016-01-06	2016-12-06	International Business Machines Corporation	Interlinking modules with differing protections using stack indicators
US9606855B1 (en) *	2016-01-06	2017-03-28	International Business Machines Corporation	Caller protected stack return address in a hardware managed stack architecture
US10228992B2 (en) *	2016-01-06	2019-03-12	International Business Machines Corporation	Providing instructions to facilitate detection of corrupt stacks
US9495237B1 (en) *	2016-01-06	2016-11-15	International Business Machines Corporation	Detection of corruption of call stacks
US9582274B1 (en) *	2016-01-06	2017-02-28	International Business Machines Corporation	Architected store and verify guard word instructions
US10430586B1 (en) *	2016-09-07	2019-10-01	Fireeye, Inc.	Methods of identifying heap spray attacks using memory anomaly detection
US10013557B1 (en) *	2017-01-05	2018-07-03	Votiro Cybersec Ltd.	System and method for disarming malicious code

2019
- 2019-01-08 CA CA3088604A patent/CA3088604A1/en active Pending
- 2019-01-08 WO PCT/US2019/012662 patent/WO2019136428A1/en unknown
- 2019-01-08 EP EP19735911.0A patent/EP3738059A4/en not_active Withdrawn
- 2019-01-08 US US16/242,292 patent/US11263307B2/en active Active
2020
- 2020-06-30 IL IL275759A patent/IL275759A/en unknown

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number	Priority date	Publication date	Assignee	Title
US20120023583A1 (en) *	2010-07-20	2012-01-26	Mcafee, Inc.	System and method for proactive detection of malware device drivers via kernel forensic behavioral monitoring and a back-end reputation system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
PARUJ RATANAWORABHAN ET AL: "NOZZLE: A Defense Against Heap-spraying Code Injection Attacks", PROCEEDINGS OF THE USENIX SECURITY SYMPOSIUM, AUGUST 2009, 31 August 2009 (2009-08-31), pages 1 - 18, XP055286057, Retrieved from the Internet <URL:https://kapravelos.com/papers/nozzle.pdf> [retrieved on 20160705] *
See also references of WO2019136428A1 *

Also Published As

Publication number	Publication date
EP3738059A1 (en)	2020-11-18
US20190213323A1 (en)	2019-07-11
CA3088604A1 (en)	2019-07-11
WO2019136428A1 (en)	2019-07-11
WO2019136428A8 (en)	2020-08-13
IL275759A (en)	2020-08-31
US11263307B2 (en)	2022-03-01

Publication	Publication Date	Title
EP3824321A4 (en)	2022-04-06	SYSTEMS AND METHODS FOR DETECTING UNDERGROUND EVENTS
EP3759238A4 (en)	2021-11-24	SYSTEMS AND METHODS FOR DETECTING RESIDUAL DISEASES
EP4044906A4 (en)	2023-05-24	SYSTEMS AND METHODS FOR MULTISIZE STROKE DETECTION
EP3560171A4 (en)	2020-02-26	SYSTEMS AND METHODS FOR DETECTING RISKY DRIVING BEHAVIOR
EP3884411A4 (en)	2022-09-14	SYSTEMS AND METHODS FOR DETECTING MALWARE AND RANSOMWARE BASED ON CRYPTOCURRENCIES
EP3803664A4 (en)	2022-03-09	SYSTEMS AND METHODS FOR MACHINE LEARNING-BASED APPLICATION SECURITY TESTING
EP3665858A4 (en)	2020-07-15	SYSTEMS AND METHODS FOR VERIFYING INTERACTIONS
EP3740908A4 (en)	2021-10-20	SYSTEMS AND METHODS FOR MODELING PROBABILITY DISTRIBUTIONS
EP3638096A4 (en)	2020-07-22	METHODS AND SYSTEMS FOR OCT-GUIDED GLAUCOSURGERY
EP3610395A4 (en)	2020-09-30	SYSTEMS AND PROCEDURES FOR PROFILING APPLICATION SAFETY
EP3535415A4 (en)	2020-07-01	METHODS AND SYSTEMS FOR TUMOR DETECTION
EP3861372C0 (en)	2024-12-04	SYSTEMS AND METHODS FOR USER LOCATION
EP3931351A4 (en)	2022-05-11	TARGET DETECTION SYSTEMS, COMPOSITIONS AND METHODS
EP3857260A4 (en)	2022-06-08	METHODS AND SYSTEMS FOR IMAGEING RETROREFLECTORS
EP3466031A4 (en)	2020-01-15	SYSTEMS AND METHODS FOR DETECTING ANOMALIES
EP3469567A4 (en)	2020-03-04	SYSTEMS AND METHODS FOR THE AUTOMATIC DETECTION OF SPILLS
EP3803365A4 (en)	2022-01-26	SYSTEMS, DEVICES AND METHODS FOR GAS DETECTION
EP3963363A4 (en)	2023-08-02	RADARD DATA COMBINATION SYSTEMS AND METHODS
EP3701066C0 (en)	2024-10-16	METHODS AND SYSTEMS FOR PROTEIN IDENTIFICATION
EP3973398A4 (en)	2023-06-21	CYBERSECURITY THREATS DETECTION AND MITIGATION SYSTEMS AND PROCEDURES
EP3509494A4 (en)	2020-03-04	SYSTEMS AND METHODS FOR DETECTING IV INFILTRATION
EP3861446A4 (en)	2021-12-15	SYSTEMS, METHODS AND DEVICE FOR DETECTING ADDRESS ERRORS
EP3682239A4 (en)	2021-10-13	SYSTEMS AND METHODS FOR DETECTING PERIPROSTHETIC INFECTION
EP3525127A4 (en)	2020-05-20	METHOD AND SYSTEM FOR BLOCKING PHISHING OR RANSOMWARE ATTACKS
EP3937780A4 (en)	2022-12-07	METHODS AND SYSTEMS FOR TIMED FLUORESCENCE-BASED DETECTION

Legal Events

Date	Code	Title	Description
2019-07-12	STAA	Information on the status of an ep patent application or granted ep patent	Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE
2020-10-16	PUAI	Public reference made under article 153(3) epc to a published international application that has entered the european phase	Free format text: ORIGINAL CODE: 0009012
2020-10-16	STAA	Information on the status of an ep patent application or granted ep patent	Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE
2020-11-18	17P	Request for examination filed	Effective date: 20200705
2020-11-18	AK	Designated contracting states	Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR
2020-11-18	AX	Request for extension of the european patent	Extension state: BA ME
2021-04-14	DAV	Request for validation of the european patent (deleted)
2021-04-14	DAX	Request for extension of the european patent (deleted)
2021-10-20	A4	Supplementary search report drawn up and despatched	Effective date: 20210916
2021-10-20	RIC1	Information provided on ipc code assigned before grant	Ipc: G06F 21/56 20130101ALI20210910BHEP Ipc: G06F 21/52 20130101ALI20210910BHEP Ipc: G06F 21/55 20130101ALI20210910BHEP Ipc: G06F 21/51 20130101ALI20210910BHEP Ipc: G06F 21/44 20130101ALI20210910BHEP Ipc: G06F 21/12 20130101AFI20210910BHEP
2024-11-15	STAA	Information on the status of an ep patent application or granted ep patent	Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN
2024-12-18	18D	Application deemed to be withdrawn	Effective date: 20240801